Using different cipher suites for fips

Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-15 16:56:29 -07:00 · 2022-03-15 16:56:29 -07:00 · d374b468d8
commit d374b468d8
parent 901f9fba02
4 changed files with 156 additions and 71 deletions
--- a/internal/crypto/ptls/default.go
+++ b/internal/crypto/ptls/default.go
@ -0,0 +1,59 @@
+// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build !fips_strict
+// +build !fips_strict
+
+package ptls
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+)
+
+func Default(rootCAs *x509.CertPool) *tls.Config {
+	return &tls.Config{
+		// Can't use SSLv3 because of POODLE and BEAST
+		// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
+		// Can't use TLSv1.1 because of RC4 cipher usage
+		//
+		// The Kubernetes API Server must use TLS 1.2, at a minimum,
+		// to protect the confidentiality of sensitive data during electronic dissemination.
+		// https://stigviewer.com/stig/kubernetes/2021-06-17/finding/V-242378
+		MinVersion: tls.VersionTLS12,
+
+		// the order does not matter in go 1.17+ https://go.dev/blog/tls-cipher-suites
+		// we match crypto/tls.cipherSuitesPreferenceOrder because it makes unit tests easier to write
+		// this list is ignored when TLS 1.3 is used
+		//
+		// as of 2021-10-19, Mozilla Guideline v5.6, Go 1.17.2, intermediate configuration, supports:
+		// - Firefox 27
+		// - Android 4.4.2
+		// - Chrome 31
+		// - Edge
+		// - IE 11 on Windows 7
+		// - Java 8u31
+		// - OpenSSL 1.0.1
+		// - Opera 20
+		// - Safari 9
+		// https://ssl-config.mozilla.org/#server=go&version=1.17.2&config=intermediate&guideline=5.6
+		//
+		// The Kubernetes API server must use approved cipher suites.
+		// https://stigviewer.com/stig/kubernetes/2021-06-17/finding/V-242418
+		CipherSuites: []uint16{
+			// these are all AEADs with ECDHE, some use ChaCha20Poly1305 while others use AES-GCM
+			// this provides forward secrecy, confidentiality and authenticity of data
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		},
+
+		// enable HTTP2 for go's 1.7 HTTP Server
+		// setting this explicitly is only required in very specific circumstances
+		// it is simpler to just set it here than to try and determine if we need to
+		NextProtos: []string{"h2", "http/1.1"},
+
+		// optional root CAs, nil means use the host's root CA set
+		RootCAs: rootCAs,
+	}
+}
--- a/internal/crypto/ptls/fips_strict.go
+++ b/internal/crypto/ptls/fips_strict.go
@ -1,10 +1,15 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
 //go:build fips_strict
 // +build fips_strict

 package ptls

 import (
+	"crypto/tls"
 	_ "crypto/tls/fipsonly" // restricts all TLS configuration to FIPS-approved settings.
+	"crypto/x509"
 	"log"
 	"time"
 )
@ -15,3 +20,59 @@ func init() {
 		log.Println("using boringcrypto in fips only mode.")
 	}()
 }
+
+// FIPS does not support TLS 1.3.
+// Therefore, we cannot use Pinniped's usual secure configuration,
+// which requires TLS 1.3.
+// We also have a shorter list of 1.2 suites to choose from.
+// Secure is just a wrapper for Default in this case.
+func Secure(rootCAs *x509.CertPool) *tls.Config {
+	return Default(rootCAs)
+}
+
+func Default(rootCAs *x509.CertPool) *tls.Config {
+	return &tls.Config{
+		// Can't use SSLv3 because of POODLE and BEAST
+		// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
+		// Can't use TLSv1.1 because of RC4 cipher usage
+		//
+		// The Kubernetes API Server must use TLS 1.2, at a minimum,
+		// to protect the confidentiality of sensitive data during electronic dissemination.
+		// https://stigviewer.com/stig/kubernetes/2021-06-17/finding/V-242378
+		MinVersion: tls.VersionTLS12,
+
+		// the order does not matter in go 1.17+ https://go.dev/blog/tls-cipher-suites
+		// we match crypto/tls.cipherSuitesPreferenceOrder because it makes unit tests easier to write
+		// this list is ignored when TLS 1.3 is used
+		//
+		// as of 2021-10-19, Mozilla Guideline v5.6, Go 1.17.2, intermediate configuration, supports:
+		// - Firefox 27
+		// - Android 4.4.2
+		// - Chrome 31
+		// - Edge
+		// - IE 11 on Windows 7
+		// - Java 8u31
+		// - OpenSSL 1.0.1
+		// - Opera 20
+		// - Safari 9
+		// https://ssl-config.mozilla.org/#server=go&version=1.17.2&config=intermediate&guideline=5.6
+		//
+		// The Kubernetes API server must use approved cipher suites.
+		// https://stigviewer.com/stig/kubernetes/2021-06-17/finding/V-242418
+		CipherSuites: []uint16{
+			// these are all AEADs with ECDHE, some use ChaCha20Poly1305 while others use AES-GCM
+			// this provides forward secrecy, confidentiality and authenticity of data
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+		},
+
+		// enable HTTP2 for go's 1.7 HTTP Server
+		// setting this explicitly is only required in very specific circumstances
+		// it is simpler to just set it here than to try and determine if we need to
+		NextProtos: []string{"h2", "http/1.1"},
+
+		// optional root CAs, nil means use the host's root CA set
+		RootCAs: rootCAs,
+	}
+}
--- a/internal/crypto/ptls/ptls.go
+++ b/internal/crypto/ptls/ptls.go
@ -1,4 +1,4 @@
-// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0

 package ptls
@ -23,76 +23,6 @@ import (

 type ConfigFunc func(*x509.CertPool) *tls.Config

-func Default(rootCAs *x509.CertPool) *tls.Config {
-	return &tls.Config{
-		// Can't use SSLv3 because of POODLE and BEAST
-		// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
-		// Can't use TLSv1.1 because of RC4 cipher usage
-		//
-		// The Kubernetes API Server must use TLS 1.2, at a minimum,
-		// to protect the confidentiality of sensitive data during electronic dissemination.
-		// https://stigviewer.com/stig/kubernetes/2021-06-17/finding/V-242378
-		MinVersion: tls.VersionTLS12,
-
-		// the order does not matter in go 1.17+ https://go.dev/blog/tls-cipher-suites
-		// we match crypto/tls.cipherSuitesPreferenceOrder because it makes unit tests easier to write
-		// this list is ignored when TLS 1.3 is used
-		//
-		// as of 2021-10-19, Mozilla Guideline v5.6, Go 1.17.2, intermediate configuration, supports:
-		// - Firefox 27
-		// - Android 4.4.2
-		// - Chrome 31
-		// - Edge
-		// - IE 11 on Windows 7
-		// - Java 8u31
-		// - OpenSSL 1.0.1
-		// - Opera 20
-		// - Safari 9
-		// https://ssl-config.mozilla.org/#server=go&version=1.17.2&config=intermediate&guideline=5.6
-		//
-		// The Kubernetes API server must use approved cipher suites.
-		// https://stigviewer.com/stig/kubernetes/2021-06-17/finding/V-242418
-		CipherSuites: []uint16{
-			// these are all AEADs with ECDHE, some use ChaCha20Poly1305 while others use AES-GCM
-			// this provides forward secrecy, confidentiality and authenticity of data
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-		},
-
-		// enable HTTP2 for go's 1.7 HTTP Server
-		// setting this explicitly is only required in very specific circumstances
-		// it is simpler to just set it here than to try and determine if we need to
-		NextProtos: []string{"h2", "http/1.1"},
-
-		// optional root CAs, nil means use the host's root CA set
-		RootCAs: rootCAs,
-	}
-}
-
-func Secure(rootCAs *x509.CertPool) *tls.Config {
-	// as of 2021-10-19, Mozilla Guideline v5.6, Go 1.17.2, modern configuration, supports:
-	// - Firefox 63
-	// - Android 10.0
-	// - Chrome 70
-	// - Edge 75
-	// - Java 11
-	// - OpenSSL 1.1.1
-	// - Opera 57
-	// - Safari 12.1
-	// https://ssl-config.mozilla.org/#server=go&version=1.17.2&config=modern&guideline=5.6
-	c := Default(rootCAs)
-	c.MinVersion = tls.VersionTLS13 // max out the security
-	c.CipherSuites = []uint16{
-		// TLS 1.3 ciphers are not configurable, but we need to explicitly set them here to make our client hello behave correctly
-		// See https://github.com/golang/go/pull/49293
-		tls.TLS_AES_128_GCM_SHA256,
-		tls.TLS_AES_256_GCM_SHA384,
-		tls.TLS_CHACHA20_POLY1305_SHA256,
-	}
-	return c
-}
-
 func DefaultLDAP(rootCAs *x509.CertPool) *tls.Config {
 	c := Default(rootCAs)
 	// add less secure ciphers to support the default AWS Active Directory config
--- a/internal/crypto/ptls/secure.go
+++ b/internal/crypto/ptls/secure.go
@ -0,0 +1,35 @@
+// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build !fips_strict
+// +build !fips_strict
+
+package ptls
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+)
+
+func Secure(rootCAs *x509.CertPool) *tls.Config {
+	// as of 2021-10-19, Mozilla Guideline v5.6, Go 1.17.2, modern configuration, supports:
+	// - Firefox 63
+	// - Android 10.0
+	// - Chrome 70
+	// - Edge 75
+	// - Java 11
+	// - OpenSSL 1.1.1
+	// - Opera 57
+	// - Safari 12.1
+	// https://ssl-config.mozilla.org/#server=go&version=1.17.2&config=modern&guideline=5.6
+	c := Default(rootCAs)
+	c.MinVersion = tls.VersionTLS13 // max out the security
+	c.CipherSuites = []uint16{
+		// TLS 1.3 ciphers are not configurable, but we need to explicitly set them here to make our client hello behave correctly
+		// See https://github.com/golang/go/pull/49293
+		tls.TLS_AES_128_GCM_SHA256,
+		tls.TLS_AES_256_GCM_SHA384,
+		tls.TLS_CHACHA20_POLY1305_SHA256,
+	}
+	return c
+}